[Grooveshark]

No, just doing probably exactly what you did; decompile the main.swf and read through the action script.

Someone has been looking at my codes, haven't they :P

[Grooveshark]

I've been looking into this recently and the problem I have come across is that the token they are using is 46 charactors. This means it would have to be an 184-bit hash function which as far as I can tell doesn't exist. I agree that it has to be based on the current time since they are no constant characters. I'm trying to see if maybe it is the current time encrypted using the token as the key.

If anyone else has any insight on this it would be great.

EDIT:

I found the solution:

generate a 6 random leters and numbers such as: d298c5

Then find the name of the command you are going to run: logoutUser

get your communicationToken: 4b6706fb94216

generate the sha1 hash of param+":"+communicationToken+":theColorIsRed:"+theRandom:

"logoutUser:4b6706fb94216:theColorIsRed:d298c5"

gives you e36c21d4a8585d5144643a1477a7d7dd9fb95fdb

append the random onto the front giving: d298c5e36c21d4a8585d5144643a1477a7d7dd9fb95fdb

and there's your Token.

After changing the client revision, the program still does not work anymore. The response when searching for a song is "Bad Token". After taking a look with Tamper Data it seems that the communication token is not used "as is" anymore when sending a request to Grooveshark, but is now longer and different for every request.

The new token probably hashes one or more of the following: time, the communication token, the song title, other, but it's pretty hard to figure out how it is formed exactly. Do you have any idea?